{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3071", "assignerOrgId": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", "state": "PUBLISHED", "assignerShortName": "HiddenLayer", "dateReserved": "2026-02-23T19:38:10.854Z", "datePublished": "2026-02-26T14:56:39.524Z", "dateUpdated": "2026-02-27T16:21:29.889Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Flair", "repo": "https://github.com/flairNLP/flair", "vendor": "Flair", "versions": [{"lessThanOrEqual": "*", "status": "affected", "version": "0.4.1", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Deserialization of untrusted data in the LanguageModel class of Flair from versions 0.4.1 to latest are vulnerable to arbitrary code execution when loading a malicious model."}], "value": "Deserialization of untrusted data in the LanguageModel class of Flair from versions 0.4.1 to latest are vulnerable to arbitrary code execution when loading a malicious model."}], "impacts": [{"capecId": "CAPEC-586", "descriptions": [{"lang": "en", "value": "CAPEC-586 Object Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", "shortName": "HiddenLayer", "dateUpdated": "2026-02-26T14:56:39.524Z"}, "references": [{"url": "https://www.hiddenlayer.com/sai-security-advisory/2026-02-flair"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"references": [{"url": "https://www.hiddenlayer.com/sai-security-advisory/2026-02-flair", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-27T16:21:25.434767Z", "id": "CVE-2026-3071", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-27T16:21:29.889Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3071", "assignerOrgId": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", "state": "PUBLISHED", "assignerShortName": "HiddenLayer", "dateReserved": "2026-02-23T19:38:10.854Z", "datePublished": "2026-02-26T14:56:39.524Z", "dateUpdated": "2026-02-27T16:21:29.889Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Flair", "repo": "https://github.com/flairNLP/flair", "vendor": "Flair", "versions": [{"lessThanOrEqual": "*", "status": "affected", "version": "0.4.1", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Deserialization of untrusted data in the LanguageModel class of Flair from versions 0.4.1 to latest are vulnerable to arbitrary code execution when loading a malicious model."}], "value": "Deserialization of untrusted data in the LanguageModel class of Flair from versions 0.4.1 to latest are vulnerable to arbitrary code execution when loading a malicious model."}], "impacts": [{"capecId": "CAPEC-586", "descriptions": [{"lang": "en", "value": "CAPEC-586 Object Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", "shortName": "HiddenLayer", "dateUpdated": "2026-02-26T14:56:39.524Z"}, "references": [{"url": "https://www.hiddenlayer.com/sai-security-advisory/2026-02-flair"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-3071", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-27T16:21:25.434767Z"}}}], "references": [{"url": "https://www.hiddenlayer.com/sai-security-advisory/2026-02-flair", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-27T16:21:20.126Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Deserialization of untrusted data in the LanguageModel class of Flair from versions 0.4.1 to latest are vulnerable to arbitrary code execution when loading a malicious model."}, {"lang": "es", "value": "Deserializaci\u00f3n de datos no confiables en la clase LanguageModel de Flair desde las versiones 0.4.1 hasta las m\u00e1s recientes son vulnerables a ejecuci\u00f3n de c\u00f3digo arbitrario al cargar un modelo malicioso."}], "id": "CVE-2026-3071", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", "type": "Secondary"}]}, "published": "2026-02-26T15:17:48.803", "references": [{"source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", "url": "https://www.hiddenlayer.com/sai-security-advisory/2026-02-flair"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://www.hiddenlayer.com/sai-security-advisory/2026-02-flair"}], "sourceIdentifier": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0.4.1,*]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Flair", "source": "cna", "vendor": "Flair"}, "product": "flair", "vendor": "flair"}], "analysis": {"en": {"generated_at": "2026-04-17T14:22:10.639737+00:00", "value": {"mitigation_remediation": ["Update Flair to a release that contains the deserialization fix, if one is available. ", "If a patch is not yet released, restrict model loading to trusted, authenticated sources and never load arbitrary user\u2011supplied model files. ", "Apply input validation or switch to a safer serialization mechanism that disallows dynamic code execution during deserialization."], "summary": {"action": "Immediate Patch", "impact": "Arbitrary Code Execution"}, "threat_synthesis": {"affected_systems": "Flair, a machine learning library, is affected in all releases starting with 0.4.1 through the most recent version. Any deployment that loads models using the LanguageModel class is at risk. The vulnerability is listed against the Flair product across all affected releases.", "description_and_impact": "The vulnerability arises from deserialization of untrusted data in the LanguageModel class of Flair, enabling arbitrary code execution when a malicious model file is loaded. This flaw is a classic insecure deserialization weakness (CWE\u2011502) that can compromise confidentiality, integrity, and availability if an attacker can control model input. The impact is the ability to run arbitrary code with the privileges of the process that loads the model.", "risk_and_exploitability": "The CVSS score of 8.4 indicates high severity. The EPSS score is below 1\u202f%, suggesting limited current public exploitation activity, and it is not currently listed in the CISA KEV catalog. However, the vulnerability allows remote code execution, forcing users to treat it as high risk. Attackers would typically supply a crafted model file or supply a maliciously encoded model through any ingestion pathway. The exploitation requires only the ability to trigger the loading of a model file, so environments that allow model uploads or downloads are especially vulnerable."}}}}, "created": "2026-02-27T09:07:30.419703+00:00", "title": "Arbitrary Code Execution via Untrusted Deserialization in Flair LanguageModel", "updated": "2026-04-17T14:30:20.823481+00:00", "vendors": ["flair", "flair$PRODUCT$flair"]}